Portal: Accessing cookies in Portal

Hi, thanks for reading my post
In my application I need to use a cookie to track some session attributes...
In a form the application generates an image (captcha) using a servlet; in that servlet I create a cookie and store a value.
When the user submits the form (in the JSP) I have to compare the cookie value against a parameter. But when I try to read the cookie with request.getCookies(), the cookie doesn't exist.
When I create the cookie, it is not in the context of the portal (because I call a servlet that resides in the app context, not in the portal; this is because I need the output stream of the response), and when I read it, on the submit, the request is in the portal context... At least, I think...
Any ideas on what's the problem?

This question is more appropriate for the Portal Security forum. Please post it there.
Regards,
Jerry
PortalPM

Similar Messages

  • How to find out portal user from sso cookie ?

    Hi,
    I want to find out the portal user id from Portal30_sso cookie. It is required for security in my java servlet.
    Thanks
    Vikas

    First of all, you can't get anything from the portal30_sso cookie or the portal30 cookie or the SSO_ID cookie. These are cookies established for (1) The login server session; (2) The Portal session; (3) The login server single sign-on cookie - visible only to the login server.
    When you want to know who the current user is, you need to establish the context. If your servlet is standalone and not a partner application to the login server and it's not a portlet, etc., then what context does it have? What concept of users does it have? If you are really asking what Portal is currently logged on, that is still a loaded question. The user's browser could be accessing several portals at the same time, each with a different identity. What I am getting at is that your servlet needs to somehow be associated with a particular portal before it can even think of asking this question.
    The ways to associate your servlet with a portal would be
    1. Make it a partner application
    2. Make it a portlet
    3. Make it an external application
    Hope that helps.

  • Can portal session cookies be used between two data centers

    OAS generates the following header information and session information for my application. However, when I need to fail over the originating OAS datacenter into my hot stand-by for maintenance or upgrades, the OAS in the other datacenter responds with a 503 web error. We are using Akamai's GTM to manage the liveness of the datacenter, so we would need the hot stand-by OAS portal in that datacenter to return a 302 error code. Is there some method that we can add to our portal application which would always return a 302 error code?
    See header information collected through wfetch. The 503 error is caused by the hot stand-by data center not accepting or recognizing the cookie. Both OAS datacenters are IDENTICAL in Oracle levels, application levels, web servers, portals and OS patches.
    resolve hostname "170.107.183.32"WWWConnect::Connect("170.107.183.32","80")\nsource port: 2182\r\n
    GET /portal/pls/portal/PORTAL.wwsec_app_priv.login?p_requested_url=%2Fportal%2Fpls%2Fportal%2FPORTAL.home&p_cancel_url=%2Fportal%2Fpls%2Fportal%2FPORTAL.home HTTP/1.1\r\n
    Accept: */*\r\n
    Accept-Language: en-us\r\n
    Accept-Encoding: gzip, deflate\r\n
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)\r\n
    Host: www.thomson-pharma.com\r\n
    Connection: Keep-Alive\r\n
    Cookie: ORA_WX_SESSION="10.225.8.30:80-1#2"; portal=9.0.3+en-us+us+AMERICA+3D66674E7EED0801E04400144F41424E+BBAA98EEB32D58C086231A8D6CBE2E5D402D89B0E79D83A18C668BB0CA7417B4044DEA389C8B50DD37D9272A24B4753B22F29978861DE14503F8B9BEDC2014654B26A434CF074F4D8749B88610ADADF5084A90ADBF749E2A; DATACENTER=EAGAN\r\n
    \r\n
    HTTP/1.1 503 Service Unavailable\r\n
    Cache-Control: private\r\n
    Content-Type: text/html\r\n
    Set-Cookie: ORA_WX_SESSION="10.237.138.33:80-1#2"\r\n
    Set-Cookie: portal=; expires=Wednesday, 27-Dec-95 05:29:10 GMT; path=/\r\n
    Connection: Keep-Alive\r\n
    Keep-Alive: timeout=5, max=999\r\n
    Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=208440262161,0)\r\n
    Content-Length: 710\r\n
    Date: Fri, 26 Oct 2007 14:58:07 GMT\r\n
    \r\n
    Thanks -John

    Hi John,
    This question is probably more appropriate in one of the Portal forums, but perhaps you can take a look at the information in section C.5 Configuring the Portal Session Cookie in Appendix C of the Portal Configuration guide.
    Here is a link: http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_c.htm#sthref1907
    Regards,
    Peter

  • Portal generate excessive cookies in HTTP header

    We are using SUN JES 6.2 and found that it generates an excessive number of cookies when we use the client property method on ProviderContext. It looks like it creates a cookie for each property.
    This is causing proxy servers to reject our site. Has anyone had this problem before and been able to solve it?
    Thanks,
    Damitha

    According to the javadoc for 'ProviderContext'
    A session property is shared between all clients using the session. In the case of authless, a session property is shared for all authless clients. In some cases it is desirable to set properties such that there is a 1-1 mapping between client and property. An example of this is a selected tab name. In the case of authless, it would not do to have the selected tab name shared between all authless clients because this would cause all authless clients to have the same selected tab. To set / get properties per accessing client, use the setClientProperty() and getClientProperty() methods.
    SUN support center informed us that the portal software creates a cookie per portlet to store the properties related to the portlet. However, it looks like whenever we call the setClientProperty method, it creates a new cookie.
    Has anyone else noticed this?

  • Cookie Support in xMII portal

    Hi,
    I created one web page. In this I set ChartClickEvent and I get the querytemplate of that chart. Then I click a button to send the result of the querytemplate to Minitab. I set alert messages to display the value of the query template and the SQL query that is going to be sent for conversion. I got these values via a cookie in JavaScript. This page is working fine when I call it via the browser, i.e. directly, when I type
    http://<server name>/Illuminator/PortalLogin.jsp?target=/minitab.htm&IllumLoginName=<user name>&IllumLoginPassword=<pass word>&session=true
    But in the xMII portal I add one link to this page via navigation. When I click the button to export, it displays null messages in the alert and it won't convert anything. But the same page is working fine outside the xMII portal. What is the problem? Is it a problem in the cookie? Because it displays values when I call this from the browser but displays null when I call it from the xMII portal. How to solve this? Please help me.
    -senthil

    Are you setting the values in your cookie when you access the page from the portal? I haven't used them in a long time, but I'm pretty sure cookies are domain specific. So if you set it while in one domain, it's not available via another. Maybe accessing the page through the portal puts it in a different domain?

  • How to restrict the Request and Response process in that cookies should be Secure way SAP Portal 7.0 ?

    Dear Experts,
    Please, can anyone help me? I am getting one security issue. Some third party tools are being used to hack the Request and Response of the Server. At that time they are taking one successful Request (GET http://1.1 302 found) and Response (http://1.1 200 ok). Based on this request they are again giving some invalid credentials; at that time the server response is replaced with the successful one, and they log in to the portal successfully (bypassing). At this Request level they are only getting the information for the URL and set-cookies. Is there any process to restrict the set cookies, like JSESSIONMARKID and JSESSIONID SAP_LB?
    We are using version 7.0 and SP 12. Please share your solutions because this is a very high problem here.
    Thanks in advance
    Thanks and regards,
    Durga Rao.

    Dear Samuli,
    Thanks for the reply,
    We are using HTTPS and SSL confined but a man in the middle type of attack is happening here; they are using one tool and based on it they are taking the Request and Response. The cookies given below are available in that request.
    According to this, set-cookie: JSESSIONMARKID, JSESSIONID and MYSAPSSO2 values are user login time it will change every time are not.
    After capturing the above response HTTP/1.1 302 etc., when the user gives valid credentials and logs in,
    and now I'll give a wrong password and wrong user id and on click of the log on button, I can intercept the request and response coming from the server and when I replace this with the valid response I am still able to log in to the portal, which should not happen as JSESSIONMARKID is changed; the server should not allow it, but it is logging in. The standard login page also allows login in this case.
    My server version is EP 7.0 SP 12.
    Please suggest a solution so that if we restrict the hacker at this stage, no matter what, he can never hijack the session and log in with an invalid username and password.
    Thanks in advance
    Thanks and regards,
    Durga Rao.

  • Terminate Portal User Login with JSessionID or MYSAPSSO2 Cookie

    Dear All,
    I know that using Visual Administrator we can terminate the session.
    Is it possible for the administrator to terminate a logged in portal user with his/her JSESSIONID or MYSAPSSO2 cookie value or user ID programmatically?
    Is it possible for the portal admin to forcibly exit (logout) an active user login without logging onto Visual Administrator?
    Regards,
    Eben Joyson

    The only complete mitigation for session hijacking is to run the entire site as SSL. This is Oracle's recommendation if you need a complete mitigation solution. An example of an ATG site running in full SSL is Dennis Kirk (denniskirk.com).
    The problem with doing so is that SSL (a) takes more processing power in the system running the client's browser and (b) incurs latency that degrades the perceived page performance. This is particularly true for consumers running Internet Explorer, where speed-up measures like SPDY are either incomplete or don't work. And for a hard core eCommerce site, slower page performance means that you make less money.
    Most sites, including those that you mention, use a mixture of SSL and non-SSL pages to overcome this. They use non-SSL for those areas of the site where penetration does not have a material negative impact. Browsing catalog pages as an anonymous user, for example. If someone hijacks my session and I'm browsing the catalog anonymously, they're welcome to it. There's nothing private in my session. Even robots can access that content.
    Once I login or go to pages where private information is being exchanged, then you have to secure the session. That's where the protocol switcher servlet comes in. As you authenticate, you switch the user to SSL.
    I've tried a number of additional mitigation steps. Unfortunately I can't discuss them here at this time.
    And none of the servlets that you mention have any benefit with mitigating session hijacking.

  • Portal cookie timeout issue in Tabs within the Browser IE

    Hi Experts,
    We have Portal and Backend configured as SSO.
    Once I log in to the Quality Portal, a ticket is generated, and when I open another tab to log in to the production portal my quality portal ticket is inconsistent and I get the login screen on applications.
    If I open it in a new browser window the issue is not there.
    I hope the cookie generated has the uniqueness for the system, but why is it not controlled within tabs of the browser (Internet Explorer 7)?
    Let me know how to override this.
    regards,
    Sethu

    Hi,
    JAVAWS has nothing to do with the issue reported.
    Olivier,
    In question to your suggestion, as per note 701205, I'm going to test this parameter 'ume.logon.security.relax_domain.level' to cut which should carry the uniqueness of the system.
    Let me know if you tried that parameter and any suggestions on this.
    Regards,
    Sethu

  • Client cookies from 10g Portal

    Hello,
    Is it possible to set persistent cookies by storing it on user's local hard drive from within Portal? I use a PL/SQL generated portal page to redirect to another web application outside Portal environment. Within this PL/SQL procedure, some cookies are created using owa_cookie.send procedure. But, when redirected to the other web application (same domain), all the cookies are lost. What is the ideal way to achieve this function?
    Please help.
    Thanks
    Sandeep.

    Ramesh,
    This is the forum for Portal Content Areas. Please post your question on the PDK forum.
    However, you will likely find the information you're looking for in the white paper Portal Management of Provider Sessions.
    Regards,
    Jerry

  • Portal cookie scope

    I have 2 application servers using the same portal instance.
    Each server is registered as a partner application in the login
    server.
    I want to use this apps servers in load balancing configuration.
    If I login in the app server 1 and then try to access the server
    2 the login screen appears again.
    I change the cookie scope using the script. The servers are :
    web1.xyz.com and web2.xyz.com
    I set the cookie domain to "xyz.com", but it doesn't work.
    Does anybody have an idea about it?

    Another note:
    I use the portal30_sso user to modify the cookie domain.
    When I tried to use the portal3 user I found many errors on
    pages, e.g. customizations don't appear.
    Thanks for your attention

  • Multiple Portal Instances and Cookie Names

    I have three portal instances (3.0.7) under the same database 8.1.7 on NT.
    For example:
    portal30 + portal30_sso
    myportal + myportal_sso
    testportal + testportal_sso
    Actually I cannot work on more than one portal at the same time. So, each time I want to work under a particular portal I make sure I am not logged in to the other two.
    If I assign a different COOKIE NAME in the
    GATEWAY for each DAD, will it fix my problem?
    Any suggestion?
    tks!!

    I will appreciate some answer to this posting.
    tks!

  • CIAC-CPSC Portal Session cookie problem on weblogic

    Hi all,
    I'm currently working on a CIAC project with some development made by a partner. The thing is they are using a cookie generated by the application server called "Cognoscookie"; with that they use the session ID to run some queries from a portlet.
    The problem is in the customer WebLogic: this cookie is not being generated. I tried on a demo environment over JBoss and it is being generated.
    Does anyone with some WebLogic experience have an idea of what is happening?
    I know it is a pretty specific question, but you never know if you don't ask
    Thanks in advance,
    Alex.

    OK, got it. It seems that the Cognos cookie is generated on those installs where the reporting components are installed together with the Portal, so in this case those components were missing, and the cookies too.
    Thanks a lot for the help.

  • Accessing cookies from one portal page to another page

    Hi Oracle Experts,
    I have 3 pages in Portal 3.0.8-Oracle 8.1.7.
    I have some problem with the cookies.
    I will be thankful if you help me to
    solve my problem.
    The first page gets the username and password
    through a procedure based portal form.
    Then it will check the username and password
    against the table and redirect to a corresponding page, if the value is correct. In the second and the third page I need the username and password. For that I used cookies to retrieve them. But sometimes it works and sometimes it won't work. I feel the coding which I used has bugs.
    If you tell me how to write the cookies
    and to retrieve the cookies in the forms I will try that and it will be the solution for my problem. I am expecting your reply.
    Thanks & Regards
    Ramesh.G

    Ramesh,
    This is the forum for Portal Content Areas. Please post your question on the PDK forum.
    However, you will likely find the information you're looking for in the white paper Portal Management of Provider Sessions.
    Regards,
    Jerry

  • Help Needed Urgently !! weblogic portal , webflow, cookies

    Hello!!
    I am new to java related technology, I need help asap,
    Using webflow, I need to make a portlet within a portal with 3 JSP
    pages (login.jsp,welcome.jsp,logout.jsp)
    Login.jsp
    It should have form with 2 textboxes (Username & password) and a
    submit button
    Upon clicking submit button a cookie for username and password should
    be created and the displayed in "welcome.jsp" page.
    welcome.jsp
    Every time this page is called by the browser it should read the
    username and password from the cookie and display.
    It should have a Button upon clicking which the cookie containing the
    username and password is deleted.
    logout.jsp
    This page should confirm the deletion of cookie and should have a link
    to login.jsp page
    NOTE: PLEASE I NEED THE ENTIRE CODE ASAP.

    You know what ... I need the entire money ... all 3 million $ for that job before
    I will write a line :)

  • Configure portal to issue ticket (MYSAPSSO2 cookie) for "higher" domain

    Hello all,
    we have an EP 7.00 (SP 22) which can be accessed using the following (faked) fully qualified URL:
    https://host.sd1.sd2.mycompany.de:[HTTPS-port]/irj/portal
    When logging on to the portal with username and password, the portal issues a logon ticket. In the browser, I can see the MYSAPSSO2 cookie and it is for the following domain:
    .sd1.sd2.mycompany.de
    From the portal, we call some BI report applications, which run on WebFocus. The WebFocus server is in the following domain:
    .sd3.sd4.mycompany.de
    Single sign-on does not work. It only works, if we modify the domain of the MYSAPSSO2 cookie (this we achieved with a firefox-addon) and "cut off" the two subdomains .sd3.sd4
    My question: is it possible, to configure the portal in such a way, that the MYSAPSSO2 cookie is issued for domain
    .mycompany.de ?
    I have read some hints on domain relaxing. But I am not sure, if setting the parameter ume.logon.security.relax_domain.level would help us. If I understood it correctly, we would need to set the value to 3.
    Best regards,
    Philipp Hinnah

    Hi Philipp,
    yes, relax_domain is the correct parameter. By the way - use the search function in SDN and you will find a lot of threads around this issue. And also you would have found the answer.
    Anja
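
The opening question (a cookie set by a servlet in the application context that is missing from the portal request) and the domain relaxation question in this thread both come down to how a browser scopes a cookie by Path and Domain. The following is an added example, not part of any post and not code from Oracle or SAP; the paths, `portal.example.com`, the `webfocus` and `intranet` host names and the `relaxDomain()` helper are assumptions made for illustration.

```javascript
// Added example: RFC 6265 cookie scoping as a browser applies it.
// Paths and the WebFocus/intranet host names are constructed; relaxDomain()
// is a hypothetical helper, not an SAP or Oracle API.

// RFC 6265 5.1.4: default Path is the request path up to the last "/".
function defaultPath(requestPath) {
  const cut = requestPath.lastIndexOf("/");
  return cut <= 0 ? "/" : requestPath.slice(0, cut);
}

// RFC 6265 5.1.4: path-match on whole path segments.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// RFC 6265 5.1.3: domain-match (host names only, IP literals not handled).
function domainMatch(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Cookie as the browser stores it after a Set-Cookie from setByHost + setByPath.
function storeCookie(setByHost, setByPath, attrs = {}) {
  const domain = attrs.domain ? attrs.domain.replace(/^\./, "") : setByHost;
  // A server may only set a Domain that covers its own host name.
  if (!domainMatch(setByHost, domain)) return null;
  return { domain, hostOnly: !attrs.domain, path: attrs.path || defaultPath(setByPath) };
}

// Would the browser attach the cookie to a request for host + path?
function isSent(cookie, host, path) {
  const domainOk = cookie.hostOnly
    ? host.toLowerCase() === cookie.domain.toLowerCase()
    : domainMatch(host, cookie.domain);
  return domainOk && pathMatch(path, cookie.path);
}

// Assumption: "relaxing" by N strips N leading labels from the issuing host.
function relaxDomain(host, level) {
  return host.split(".").slice(level).join(".");
}

// Case 1: captcha servlet in the application context, form submitted to the portal.
function captchaCase(cookiePath) {
  const attrs = cookiePath ? { path: cookiePath } : {};
  const c = storeCookie("portal.example.com", "/captchaapp/captcha", attrs);
  return isSent(c, "portal.example.com", "/portal/page/form");
}

// Case 2: which hosts receive the logon ticket at a given relaxation level?
function ticketRecipients(level) {
  const issuer = "host.sd1.sd2.mycompany.de";
  const c = storeCookie(issuer, "/irj/portal", { domain: relaxDomain(issuer, level), path: "/" });
  const hosts = [issuer, "webfocus.sd3.sd4.mycompany.de", "intranet.mycompany.de"];
  return hosts.filter((h) => isSent(c, h, "/"));
}

console.log(captchaCase(), captchaCase("/"));
console.log(ticketRecipients(1), ticketRecipients(3));
```

With the default path the captcha cookie is scoped to `/captchaapp` and never reaches the portal URL; an explicit `/` path (in a servlet, `Cookie.setPath("/")`) fixes that. At level 3 the ticket is sent to every host under `mycompany.de`, so each of those hosts can read it, which is the trade-off to weigh before widening the domain.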
